package com.ruoyi.modules.monitor.config;

import de.codecentric.boot.admin.server.config.AdminServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * 监控权限配置
 * 
 * @author ruoyi
 */
@EnableWebSecurity
public class WebSecurityConfigurer
{
    private final String adminContextPath;

    public WebSecurityConfigurer(AdminServerProperties adminServerProperties)
    {
        this.adminContextPath = adminServerProperties.getContextPath();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception
    {
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        successHandler.setTargetUrlParameter("redirectTo");
        successHandler.setDefaultTargetUrl(adminContextPath + "/");

        // return httpSecurity
        //         .requestMatchers(adminContextPath + "/assets/**"
        //                 , adminContextPath + "/login"
        //                 , adminContextPath + "/actuator/**"
        //                 , adminContextPath + "/instances/**"
        //         ).permitAll()
        //         .anyRequest().authenticated()
        //         .and()
        //         .formLogin().loginPage(adminContextPath + "/login")
        //         .successHandler(successHandler).and()
        //         .logout().logoutUrl(adminContextPath + "/logout")
        //         .and()
        //         .httpBasic().and()
        //         .csrf()
        //         .disable()
        //         .build();

        return httpSecurity
                // 1. 配置请求授权规则
                .authorizeHttpRequests(auth -> auth
                        .requestMatchers(
                                adminContextPath + "/assets/**",
                                adminContextPath + "/login",
                                adminContextPath + "/actuator/**",
                                adminContextPath + "/instances/**"
                        ).permitAll()  // 允许访问的路径
                        .anyRequest().authenticated()  // 其他路径需要认证
                )

                // 2. 配置表单登录
                .formLogin(form -> form
                        .loginPage(adminContextPath + "/login")  // 自定义登录页
                        .successHandler(successHandler)  // 登录成功处理器
                )

                // 3. 配置退出登录
                .logout(logout -> logout
                        .logoutUrl(adminContextPath + "/logout")  // 退出登录路径
                )

                // 4. 配置 HTTP Basic 认证（保持默认配置）
                .httpBasic(withDefaults())

                // 5. 禁用 CSRF（根据你的实际需求决定是否保留）
                .csrf(csrf -> csrf.disable())

                // 构建 SecurityFilterChain
                .build();
    }
}
